Certified in Risk and Information Systems Control (CRISC) — Question 827

When developing risk scenarios using a list of generic scenarios based on industry best practices, it is MOST important to:

Answer options

• A. assess generic risk scenarios with business users.
• B. validate the generic risk scenarios for relevance.
• C. select the maximum possible risk scenarios from the list.
• D. identify common threats causing generic ask scenarios.

Correct answer: B

Explanation

The correct answer is B because validating the relevance of generic risk scenarios ensures that they apply to the specific context of the organization. Options A, C, and D are important steps, but without validation, any assessment, selection, or identification may not align with the unique risks faced by the business.